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MAKING A COMPUTER EXECUTE THE METHOD RECORDED THEREIN 



FTFT.D OF THE INVENTION 

The present invention relates to an authentication system, 
an authentication method, a signing apparatus , a signing method, 

10 a certifying apparatus, a -certifying method, and a recording 
medium for the same for creating an authenticator by applying 
a one-way function to electronic data, appending a signature 
to the electronic data and checking authentication of the 
electronic data using the authenticator. The invention more 

15 particularly relates to an authentication system, an 
authentication method, a signing apparatus, a signing method, 
a certifying apparatus, a certifying method, and a recording 
medium for the same which can efficiently prevent forgery of 
the authenticator. 



RACKGRQUND OF THE INVENTION 

In association with recent development in the computer 
technology, there has increased an opportunity to accumulate 
electronic data such as a document prepared with characters, 
25 numerals, and strings of symbols in a database, or to transfer 
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the data via a network. Considering these facts, how to avoid 
forgery of electronic data accumulated in a database or forgery 
of data during data communications has become a serious problem. 

For solving the problem, there has been known an 
5 authentication technology in which an authenticator created by 
applying a one-way function to electronic data is appended 
thereto when the electronic data is transmitted and whether 
transmitted data is forged or not is verified using this 
authenticator when the electronic data is received. 

10 More specifically, a station which transmits the 

electronic data (signing station) divides the electronic data 
into specified blocks, subjects the data to a signature 
processing by applying a one-way function such as a hash 
function to each of the divided data blocks, and transmits the 

15 data obtained through the processing to a distant station 
(certifying station) . While a station which receives the 
electronic data creates an authenticator by applying a one- 
way function to a portion of the data other than the 
authenticator in the received electronic data, compares the 

20 created authenticator with the authenticator included in the 
electronic data, and verifies whether the electronic data has 
been forged or not. 

However, even if the conventional technology described 
above is used, forgery of or tampering of electronic data can 

25 not possibly be verified if the portion of the authenticator 
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itself is forged, namely if the signature is forged. Therefore, 
prevention of forgery of the signature becomes an issue that 
need to be resolved. 

When a hash function is used, for example, it is possible 
5 to make more difficult to forgery of electronic data by making 
longer a processed block length of the hash function. However, 
it is not realistic to make the processed block length of the 
hash function extraordinarily long. 

Especially, a conventional type of hash function is 

10 formed not based on an organized structural method but based 
on, in many cases, an empirical or an intuitive method obtained 
by combining a logical operation such as AND and OR with four 
rule of arithmetic in a complex manner. Therefore, enormous 
man power is required for experiments or the like when the block 

15 length of the hash function is to be increased. 

S UMMARY OF TH E INVENTION 

It is an object of the present invention to provide, for 
the purpose of solving the problem described above, an 

20 authentication system, an authentication method, a signing 
apparatus, a signing method, a certifying apparatus, a 
certifying method, and a recording medium for the same which 
can efficiently prevent the forgery of the authenticator, when 
checking the authentication of the electronic data from an 

25 authenticator created using a one-way function. 



With the present invention, a signing station creates a 
plurality of authenticators using a plurality of one-way 
functions then and links these plurality of authenticators to 
the electronic data, so that the length of the authenticators 
5 to be appended to the information can easily be made longer, 
which makes it possible to reduce a probability of 
misidentif ication of a forged authenticator . 

With the present invention, the whole authenticator is 
not linked to the information, but only a portion of data 
*?j 10 obtained by truncating each of the authenticator is linked, 
^ which makes it more difficult for a third party to forge the 

%l authenticator . 

* : = With the present invention, a one-way operation is 

£;! performed with the data using a different key, so that the length 

fQ 15 of the authenticators to be appended to the information can be 
vy made longer without utilizing a special one-way operation. 

With the present invention, authenticators are 
discretely and independently prepared in parallel with each 
other, so that a plurality of authenticators can quickly be 
prepared . 

Wr th ' Lhe pres - ent/dfnvcntion, an authont i cator d^s-prepa-E^ed- 
by utilizing intermediate data generated when other the 
authenticator /is created, so that generation of the 
authenticajror is made more complicated, which makes it still 

25 'ii * -i rH parhy t- n fnrrjn thn ill t hf"ll Li X .<l L P * > 
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With the present invention, a signing station executes 
a step of preparing a plurality of authenticator s by applying 
a different one-way function to each data, and a step of linking 
the created authenticator s to the information, so that the 
5 length of the authenticators to be appended to the information 
can easily be made longer, which makes it possible to reduce 
a probability of misidentif ication of a forged authenticator. 

With the present invention, there is a step of not linking 
the created whole authenticators to the information but linking 
10 only a portion of the data obtained by truncating each of the 
authenticators, which makes it more difficult for a third party 
to forge the authenticators. 

With the present invention, there is a step of performing 
a one-way operation with the data using a different key, so that 
15 the length of the authenticators to be appended to the 
information can be made longer without utilizing a special 
one-way operation . 

With the present invention, there are steps of discretely 
and independently creating the authenticators in parallel with 
20 each other, so that a plurality of authenticators can quickly 
be created. 

With the present invention, there is a step of preparing 
the authenticator by utilizing an intermediate data generated 
when other authenticator is created, so that creation of the 
25 authenticator is made more complicated, which makes it still 



difficult for a third party to forge the authenticator . 

With the present invention, the program stored in the 
recording medium makes a signing station execute a step of 
creating a plurality of authenticators by applying a different 
5 one-way function to each data, and a step of linking the created 
authenticators to the information, so that the length of the 
authenticators to be appended to the information can easily be 
made longer, which makes it possible to reduce a probability 
of misidentif ication of the forged authenticator. 
10 Other objects and features of this invention will become 

understood from the following description with reference to the 
accompanying drawings . 

BRTEF DESCRIPTION OF THE DRAWINGS 
15 Fig. 1 shows a system configuration of the authentication 

system used in an embodiment of the present invention; 

Fig. 2A and Fig. 2B show more specific configuration 

(independent and multi-parallel configuration) of the 

authentication system shown in Fig. 1; 
20 Fig. 3A and Fig. 3B show a case where the authentication 

system shown in Fig. 1 operates independently in three parallel 

branches ; 

Fig. 4A shows configuration and Fig. 4B shows operation 
when the hash units 2 perform parallel processing in association 
25 with each other; 




Fig. 5 is a view showing one example of a document as an 
object for processing; and 

Fig. 6A and Fig. 6B explain the safety in the 
authentication system used in the embodiment. 

5 

DESCRIPTION OF THE PREFERRED EMBODIMENTS 

Detailed description is made hereinafter for preferred 
embodiments of the present invention with reference to Fig. 1 
to Fig. 6. It should be noted that this embodiment explains 

10 a case in which text data included in a document is the target 
data and an authenticator is created by applying a hash function 
to this target data. 

Fig. 1 is a block diagram showing system configuration 
of the authentication system used in the embodiment of the 

15 present invention. In the left-hand side of Fig. 1 is a 
signature side (a signing station) which creates an 
authenticator by applying a hash function to the text data and 
links this authenticator to the text data before transmission. 
In the right-hand side of Fig. 1 is an authentication side (a 

20 certifying station) which creates an authenticator by applying 
a hash function to the data obtained by removing the 
authenticator from the received data, comparing the created 
authenticator with the authenticator included in the received 
data to check the correctness of the text data. Although it 

25 is assumed in this embodiment that a communication error will 
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not occur in the process of transmission of data from the signing 
station to the certifying station. However, occurrence of 
error may be prevented by using an error-correction code or the 
like in some other cases. 
5 At first, configuration of the signing station is 

described. As shown in Fig. 1, the signing station comprises 
a plurality of hash units 2 and keys 3, and a linking unit 5, 
and it is assumed that data 1 is input to this signing station. 

The data 1 is text data as an object for transmission to 

10 the certifying station and consists of a plurality of data Dl 
to Dn obtained by dividing the data into each data with a size 
corresponding to a data length for a hash function. This data 
1 is text data which contains numerals, characters, or symbols 
included in a document shown in Fig. 5, and, for example, "The 

15 present invention" shown in Fig. 5 corresponds to data Dl . 

>. 

"the data Dl to Dn using/fceys Kl to Kn to authentication signs 
CS1 to CSn respectively, and they output the converted 
authentication si^ns CS1 to CSn to the linking unit 5 . Although 
20 it is assumed that the hash units 2 perform processing 
correspon^ng to a known hash function in a protocol or the like 
for a yifiethod of verifying authentication signs based on the 
cqpfv^ntional technology, it is not always required that reverse 
i versior u- 4-s — eirsxiredv 
25 The keys 3 are the secret keys used when the hash units 
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2 perform scramble of one-way data compression, and 
authentication signs 4 are prepared by the hash units 2 
according to the keys Kl to Kn. 

The linking unit 5 links the authenticators 4 created by 
5 the hash units 2 to data Dl to Dn that should originally be 
transmitted, and the linked authenticators 4 are appended, for 
example, to the end of the document as shown in Fig. 5. 

Next, configuration of the certifying station is 
described. As shown in Fig . 1, the certifying station comprises 
10 a separating unit 7, a plurality of hash units 2 and keys 3, 
and a comparing unit 8, and data received from the signing 
station is input to the certifying station. 

The separating unit 7 separates the data received from 
the signing station into data Dl 1 to Dn ! and the authentication 
15 signs 4. The data Dl 1 to Dn 1 is inputted into the hash units 
2, while the authenticators 4 are inputted into the comparing 
unit 8 . 

The comparing unit 8 compares the authentication signs 
separated from the received data with the authenticators 
20 created from the data Dl 1 to Dn 1 . The comparing unit 8 certifies 
that the data is authentic when the authenticators are 
coincident with each other, and certifies that the data is 
forged one when the authenticators are not coincident . 

As described above, the authentication system according 
25 to this embodiment is so configured that a signing station 




prepares a plurality of authenticators CS1 to CSn using a 
plurality of hash units, so that a data length of authenticators 
can be made longer, which makes it difficult to forge the 
authenticator by a third party. 
5 A sequence of processing by the signing station and the 

certifying station of the authentication system shown in Fig. 
1 is described below. 

(1) Creation of authenticators in the signature station: 
(1-1) The hash units 2 create CS1 to CSn each as the 

10 authenticators 4 by performing the processing of a one-way 

function using a key for each of input data Dl to Dn respectively 

into which the text data has been divided. 

(1-2) The linking unit 5 links the authenticators CS1 to 

CSn created by the hash units 2 to the data Dl to Dn. As a result, 
15 for example, authenticators of 8 digits each consisting of 4 

bits are appended, for example, to the end of the text as shown 

in the document of Fig. 5. 

As described above, authenticators are created with a 

different key for each of the data Dl to Dn into which the text 
20 data has been divided, which makes it extremely difficult for 

a third party to forge the authenticator, thus reliability of 

text data being enhanced. 

(2) Creation of authenticators in the certifying station: 
(2-1) The document shown in Fig. 5 prepared in the above 

25 step (1) is separated into the authenticators CS1 to Cn and data 
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Dl 1 to Dn' . 

(2-2) The hash units 2 create CS1* to CSn' as the 
authenticators 4 for the separated data Dl 1 to Dn 1 respectively 
by using a different key. 
5 (2-3) The created authenticators CS1' to CSn 1 are compared 

with the separated authenticators CS1 to CSn, and whether the 
authenticators are coincident with each other or not is 
determined. When the authenticators are coincident, then the 
text data is recognized as not being forged, namely as an 

10 authentic one. On the other hand, when even a single 
authenticator is not coincident, then the text data is 
recognized as being a forged one. 

As described above, the certifying station creates 
authenticators CS1 T to CSn 1 each with a different key for each 

15 of the data Dl 1 to Dn 1 separated from received data, compares 
the created authenticators CS1 1 to CSn ? with the authenticators 
CS1 to CSn which are separated from the received data, 
determines the text data as an authentic one when it is 
determined that all the authenticators are coincident with each 

20 other, on the other hand, determines the text data as a forged 
one when even one authenticator is not coincident. 

More specific configuration (independent and multi- 
parallel configuration) of the authentication system shown in 
Fig. 1 is described. Fig. 2 is a block diagram showing more 

25 specific configuration (independent and multi-parallel 




configuration) of the authentication system shown in Fig. 1. 
Herein a case is assumed in which authenticators CS1 to CSn are 
created concurrently as well as in parallel from each of the 
input data Dl to Dn by using a different key. 
5 Fig. 2A shows configuration of the authentication system, 

and in Fig. 2A, input data Dl to Dn is data Dl to Dn into which 
the text data as an object for transmission is divided. The 
hash units 2 create the authenticators CS using the keys K. More 
specifically, each of the hash units 2 consists of an EOR 21, 
10 a one-way function 22 such as a hash function, and a truncator 
23. 

The EOR 21 executes an operation of an exclusive OR, and 
operates herein an exclusive OR between the input data and a 
value obtained in the one-way function 22 in the previous time 

15 (an initial value IV is used for the first time) . 

The one-way function (corresponds to a one-way function 
device) 22 creates an irreversible authenticator CS with the 
help of the one-way function from the data processed in the EOR 
21 based on the key K. 

20 The truncator 23 truncates the authenticator CS prepared 

by the one-way function 22 and outputs the truncated 
authenticator. When the authenticator created by the one-way 
function 22 is outputted as it is, data length of the 
authenticator is naturally increased. However, an increase in 

25 the data length of the authenticator CS does not increase the 



safety of data but it only increase the amount of data to be 
transmitted . 

Therefore, the truncator 23 truncates a portion of the 
authenticator created by the one-way function 22 so. that 
increase in a data length of the authenticator CS is made really 
useful. Even if the authenticator is truncated, a symbol space 
same as that in the case where the authenticator are transmitted 
without being truncated is formed, therefore, security of data 
is not possibly reduced. Further, the security surely 
increases due to the truncation, because a third party will not 
know where the authenticator is truncated. 

Output data (Dl to Dn, CS1 to CSn) is obtained, as shown 
in Fig. 5, by linking the created authenticators CS1 to CSn to 
input data Dl to Dn. 

Fig. 2B shows how the authenticator CS is generated, and 
a portion of the left of Fig. 2B shows especially how the 
authenticator CS1 is generated. 

In the left portion in Fig. 2B, 
(D "IV = Public constant" indicates that a public constant 
is set as the initial value IV which is inputted into the EOR 
21 forming a part of the hash unit 2 in the far left side of 
Fig. 2A. 

(D "EK1 [ IV (+) Dl] =L11" indicates that the EOR 21 in Fig. 2A 
operates an exclusive OR between the initial value IV set in 
® and the input data Dl, and that the one-way function 22 




performs a one-way operation (e.g., an operation by a hash 
function) with respect to the value obtained by operating the 
exclusive OR using the key Kl to obtain a value Lll. 

(3) "EKl [Lll ( + ) D2] =L12" indicates that the EOR 21 in Fig. 2A 
5 operates an exclusive OR between the value Lll obtained in © 
and the second input data D2, and that the one-way function 22 
performs a one-way operation (e.g., an operation by a hash 
function) with respect to the value obtained by operating the 
exclusive OR using the key Kl to obtain a value L12. 

10 © "EKl [LI (n-1) ( + )Dn]=Lln ,f indicates that the EOR 21 in Fig. 
2A operates, similarly as described above, an exclusive OR 
between the previously obtained value LI (n-1) and n-th data 
Dn, and that the one-way function 22 performs a one-way 
operation (e.g., an operation by a hash function) with respect 

15 to the value obtained by operating the exclusive OR using the 
key Kl to obtain a value Lin. 

® "Tr [Lin] =CS1" indicates that, when the operation is 
performed with respect to the last i.e. the n-th data Dn, a result 
of the last operation is outputted as the authenticator CS1. 

20 Thus, the authenticator CS1 can be created by using the 

key 1 and initial value IV through the sequence of © to ® 
described above. 

The central and the right portions of Fig. 2B respectively 
show, similarly to the sequence of© to® in the left portion, 

25 sequence of computing the authenticators CS2 and CS3 




respectively. By repeating the same operation, authenticators 
up to CSn can also be computed. 

As described above, it is possible to concurrently 
compute authentication signs CSl to CSn by using the keys Kl 
5 to Kn independently in n parallel branches. Herein, a forgery 
probability per CSn is l/2 np (where p is a bit length of the 
authentication sign) . This forgery probability can be reduced 
by increasing a number of authenticators CS . Even if a number 
of authenticators CS is increased, because the processing is 
10 done parallel, a time required for the processing does not 
change . 

Next, a configuration as well as an operation is described 
when n=3 (independent triple-parallel configuration) in Fig. 
2A and Fig. 2B with reference to Fig. 3A and Fig. 3B. Fig. 3A 
15 is a view showing a case where the authentication system shown 
in Fig. 1 operates independently in three parall.el branches. 

Fig. 3A shows configuration of a case where n in Fig. 2A 
is set to 3. The same reference numerals as those in Fig. 2A 
are assigned to the hash units 2, the EOR21, the one-way function 
20 22, and the truncator 23, and detailed description thereof is 
omitted herein. 

Fig. 3B shows how the authenticators CSl to CS3 are 
generated in the hash units 2. Especially, the left portion 
of Fig. 3B shows a sequence of processing when the authenticator 
25 CSl is created from the input data Dl to D3, the key Kl, and 



initial value IV shown in Fig. 3A. 

In the left portion in Fig. 3B, 
Q. ,r IV = public constant" indicates that a public constant 
is set as the initial value IV which is inputted into the EOR 

21 in the first hash unit 2 from the left side of Fig. 3A. 

(2) f "EK1 [ IV ( + ) Dl ] =L11" indicates that the EOR 21 in Fig. 3A 
operates an exclusive OR between the initial value IV set in 
®' and the first input data Dl, and that the one-way function 

22 performs a one-way operation (e.g., an operation by a hash 
function) with respect to the value obtained by operating the 
exclusive OR using the key Kl to obtain a value Lll. 

(3) ' "EK1[L11( + )D2]=L12" indicates that the EOR 21 in Fig. 3A 
operates an exclusive OR between the value Lll obtained in ® 
' and the second input data D2, and that the one-way function 
22 performs a one-way operation (e.g., an operation by a hash 
function) with respect to the value obtained by operating the 
exclusive OR using the key Kl to obtain a value L12 . 

®' "EK1 [L12 ( + ) D3] =L13" indicates that the EOR 21 in Fig. 3A 
operates, similarly as described above, an exclusive OR between 
the previously obtained value L12 and 3rd data D3, and that the 
one-way function 22 performs a one-way operation (e.g., an 
operation by a hash function) with respect to the value obtained 
by operating the exclusive OR using the key Kl to obtain a value 
Lin. 

(D 1 "Tr [L13] =CS1" indicates that, when the operation is 
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performed with respect to the last i.e. 3rd data D3, a result 
of the 3rd operation is outputted as the authenticator CS1. 

The central portion and the right portion of Fig. 3B 
respectively show, similarly to the sequence of Q ! to (D f in 
5 left portion, sequence of computing authenticators CS2 and CS3 . 

Through the above mentioned sequence of® 1 to® 1 , it is 
possible to concurrently and independently compute 
authenticators CS1 to CS3 by using the keys Kl to K3 
respectively . 

10 A case has been explained above in which the hash units 

2 perform parallel processing in three branches concurrently 
and independently. However, the present invention is not 
limited to this and it may be applied to a case in which the 
hash units 2 perform parallel processing in association with 

15 each other and not concurrently. 

The case in which the hash units 2 perform parallel 
processing in association with each other is explained here. 
Fig. 4A shows configuration and Fig. 4B shows operation when 
hash units 2 perform parallel processing in association with 
20 each other. More specifically, these figures show a case in 
which n is set to 3 and intermediate data in a previous stage 
is used as an initial value in the next stage. 

Fig. 4A shows configuration of a case where n is set to 

3 and intermediate data in a previous stage is used as the initial 
25 value in the next stage. The same reference numerals as those 




in Fig. 2A are assigned to the hash units 2, the EOR 21, the 
one-way function 22, and the truncator 23, and detailed 
description thereof is omitted herein. 

This case is different from the case shown in Fig. 3A in 
5 that the initial value IV is set according to the intermediate 
data generated in other hash unit 2. The hash units 2 are so 
configured that as the initial value IV, intermediate data 
generated in other hash unit 2 is substituted. This 
configuration allows the authenticator CS to become more 

10 complicated, therefore, security is highly enhanced. 

Fig. 4B shows how the authenticators CS1 to CS3 are 
generated in the hash units 2. Especially, the left portion 
of this figure shows a sequence of computing the authenticator 
CS1 in the hash unit 2 shown in the far left side of Fig. 4A. 

15 It should be noted that, the authenticator CS1 is computed 
through the same sequence as that from® 1 to (D'.of the left 
portion in Fig. 3B, therefore, intermediate data generated in 
other hash unit 2 is not used. 

The central portion in Fig. 4B shows a sequence of 

20 computing the authenticator CS2 in the hash unit 2 second from 
the left side in Fig. 4A. Herein, the authenticator CS2 is 
computed by using an intermediate result (L12) shown by arrow 
® obtained in the previous stage as the initial value through 
the same sequence as that from® 1 to® 1 shown in the left portion 

25 of Fig. 3B. Namely, in this second hash unit 2 , the intermediate 



• 



data obtained in the first hash unit 2 is used. 

The left portion of Fig. 4B shows a sequence of computing 
the authenticator CS3 in the hash unit 2 third from the left 
side in Fig. 4A. Herein, the authenticator CS3 is computed by 
5 using an intermediate result (L22) shown by arrow ® obtained 
in the previous stage as the initial value through the same 
sequence as that from ®' to (D 1 shown in the left portion of 
Fig. 3B. Namely, in this third hash unit 2, the intermediate 
data obtained in the second hash unit 2 is used. 

10 Through the above mentioned sequence, the hash units 2 

are configured so as not to independently compute the 
authenticators CS1 to CS3 but to compute them in association 
with each other. This configuration allows a sequence of 
creation of the authenticators CS1 to CS3 to become more 

15 complicated, therefore, it becomes more difficult for a third 
party to forge the text data. 

Fig. 6A and Fig. 6B are conceptual views for explaining 
safety of the authentication system used in this embodiment. 
Fig. 6A shows the concept of the present invention while Fig. 

20 6B shows the concept of the conventional technology. 

In Fig. 6B, a text space M is a virtual space possibly 
occupied by the text as an object to be forged, and the 
authenticator space is a virtual space possibly occupied by the 
authenticator. When the text space M corresponds to the 

25 authenticator space one to one, it becomes necessary to increase 




the block length of the authenticator in order to make smaller 
a forged text space M2 on the text space M in the manner shown 
with the circle indicated by a dotted line to the circle 
indicated by a solid line, so that a probability that the forged 
5 authenticator is by mistake recognized as the genuine 
authenticator is reduced. 

However, as the block length of the authenticator depends 
on the processing block length of a hash function, the block 
length of the authenticator cannot be easily made longer. 

10 Therefore, in the present invention, as shown in Fig. 6A, 

a forged space is made smaller by making use of a plurality of 
keys, so that the probability that the forged authenticator is 
by mistake recognized as the genuine authenticator is reduced. 
More specifically, assuming in Fig. 6A that a forged-text space 

15 on the text space M when the key Kl is used is Ml, that a forged 
text space on the text space M when the key K2 is. used is M2, 
and that a forged text space on the text space M when the key 
K3 is used is M3, and when the keys Kl, K2, and K3 according 
to the present invention are used, the space for forgery is a 

20 space for forgery M123 which is extremely small and it is the 
area commonly shared by the spaces for forgery Ml, M2, and M3, 
thus a probability that the data can be forged becomes still 
smaller . 

As described above, in the present invention, the signing 
25 station creates a plurality of authenticators using a plurality 



of one-way functions then and links these plurality of 
authenticators to the electronic data, while the certifying 
station compares the authenticators created from the electronic 
data which is separated from the received data with the 
5 authenticators included in this received data, and verifies 
whether the electronic data is a forged one or not. Therefore, 
with the present invention, even when the electronic data is 
a forged one, the probability of misidentif ication that the 
forged data may be erroneously recognized as an authentic data 

10 can greatly and easily be reduced, further, the probability of 
misidentif ication can be reduced through parallel processing 
without increasing the time required for preparing 
authenticators . 

Furthermore, as the authenticator is truncated using a 

15 truncator, the probability of misidentif ication of a forged 
authenticator can further be reduced without increasing the 
amount of data required for the authenticator to be appended 
to the electronic data. In addition, intermediate data 
obtained when the authenticator is created in a previous stage 

20 is used as the initial value in the next stage, which allows 
the probability of misidentif ication to further be reduced. 

The above description assumes that the object for 
processing is text data in a document. However, the present 
invention is not limited to the above case, but is also 

25 applicable to various types of multimedia data such as image 

21 




data, video data, or audio data. In addition, although it has 
been described above that a hash function is used as a one- 
way function, the present invention is not limited to the above 
case, and any one-way function other that the hash function may 
5 be used. 

Although the invention has been described with respect 
to a specific embodiment for a complete and clear disclosure, 
the appended claims are not to be thus limited but are to be 
construed as embodying all modifications and alternative 
10 constructions that may occur to one skilled in the art which 
fairly fall within the basic teaching herein set forth. 
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